Update class.auth.php

Fix for Auth Ticket generation & check mismatch #3005

Update class.auth.php
dcea76ea · Andrew Clarke · e2315506 · dcea76ea
Commit dcea76ea authored 9 years ago by Andrew Clarke
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1061,7 +1061,7 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
            if (($ticket = Ticket::lookupByNumber($_GET['t'], $_GET['e']))
                    // Using old ticket auth code algo - hardcoded here because it
                    // will be removed in ticket class in the upcoming rewrite
-                    && !strcasecmp($_GET['a'], md5($ticket->getId() .  $_GET['e'] . SECRET_SALT))
+                    && !strcasecmp($_GET['a'], md5($ticket->getId() .  strtolower($_GET['e']) . SECRET_SALT))
                    && ($owner = $ticket->getOwner()))
                $user = new ClientSession($owner);
        }